DNS Sinkhole in BIND

Lightner, Jeff JLightner at water.com
Mon Oct 17 20:05:02 UTC 2011


I’m confused – does the OP want to block or does he want to redirect.  “block/redirect” are two different things.   What I wrote will block.   If he wants to redirect that’s fine but I don’t think he’d want to redirect to his real webserver – why send bogus traffic there and also take the risk that being so directed the bad user will be able to hack?   Dropping the packet in DNS stops it cold.   (Not saying they can’t get to web server’s via legitimate paths but it appears the OP has know malefactors.)   Is the OP building a honeypot?






________________________________
From: bind-users-bounces+jlightner=water.com at lists.isc.org [mailto:bind-users-bounces+jlightner=water.com at lists.isc.org] On Behalf Of Ryan Novosielski
Sent: Monday, October 17, 2011 3:52 PM
To: babu dheen; Bind Users Mailing List; cet1 at cam.ac.uk
Subject: Re: DNS Sinkhole in BIND

I do this. There may now be a smarter way, but I have a small number so this is manageable for me: configure zones for each of the evil zones. Your server will appear authoritative and you can direct clients wherever you like. I direct some of mine to a virtualhost handing out 503 errors.


-- Sent from my Palm Pre


________________________________
On Oct 17, 2011 13:46, babu dheen <babudheen at yahoo.co.in> wrote:
YOu are obsolutely correct Chris.. I want to block/redirect all malware domain request intiated by clients by setting up DNS SINKHOLE in Redhat BIND server.



--- On Mon, 17/10/11, Chris Thompson <cet1 at cam.ac.uk> wrote:

From: Chris Thompson <cet1 at cam.ac.uk>
Subject: Re: DNS Sinkhole in BIND
To: "Bind Users Mailing List" <bind-users at lists.isc.org>
Cc: "babu dheen" <babudheen at yahoo.co.in>
Date: Monday, 17 October, 2011, 8:19 PM
On Oct 16 2011, babu dheen wrote:

> Can anyone help me how to setup DNS Sinkhole in BIND on Linux 32 bit edition.

All the replies to this so far seem to assume that he wants to block evil
entities from using his nameservers. But Google seems to suggest that
"DNS Sinkhole" usually refers to redirecting names that are being used
for evil purposes to e.g. a local monitoring station - not the same thing
at all.

-- Chris Thompson
Email: cet1 at cam.ac.uk<http://in.mc1373.mail.yahoo.com/mc/compose?to=cet1@cam.ac.uk>








Athena®, Created for the Cause™

Making a Difference in the Fight Against Breast Cancer



---------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20111017/7db33a03/attachment.html>


More information about the bind-users mailing list